Red Hat Security Advisory 2018-2913-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.1.0 serves as an update to Red Hat Decision Manager 7.0.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a Yaml unmarshalling vulnerability.
cc38b911e825f8edd37d3bbb9acc75c0dae2fe09e6e53d916347b347a89128ce
Red Hat Security Advisory 2018-2909-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.1.0 serves as an update to Red Hat Process Automation Manager 7.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include Yaml unmarshalling that is vulnerable to remote code execution.
02c092985bfa4e2ad27e8aa3eac59ea24be99ae42083543407bef6cbb6b4374e
Red Hat Security Advisory 2017-1676-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.4 serves as a replacement for Red Hat JBoss BRMS 6.4.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack.
7938c25d75d22b57347c196fe19f9ae96686476d9dd8a63bb82dfafa5ade0be1
Red Hat Security Advisory 2017-1675-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.4 serves as a replacement for Red Hat JBoss BPM Suite 6.4.3, and includes bug fixes and enhancements. Multiple security issues have been addressed.
c31bd74fd79ba0d8b483540341cb8df1ebddada65ede7258285503b00b40e2ed
Red Hat Security Advisory 2017-1409-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
6655aa3f4ba69e9f79cc5aa9277208f3d94f6edd15fbc74efeaf60b97f6ff9a1
Red Hat Security Advisory 2017-1411-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
fd7a33b7eceadc56b5ecab3789c2aaa775779137936c0e2bd3ab4d7e04ccb77f
Red Hat Security Advisory 2017-1412-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.6.
572ff322bc0ba231d7d9932fa3ba4c52df7238dcebe07b0ad7b7b4629a1d48b7
Red Hat Security Advisory 2017-1410-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
ddf58742aa1e9de8bddcd533b647ee82fd2161e4db937faa29aa9d0c2d41a023
Red Hat Security Advisory 2017-1256-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
66a0b9ebd91f3d58b18c164ce18f959b822d47b029a739de04202319a8322641
Red Hat Security Advisory 2017-1253-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
5a4ec3b1227c9241673259dff46a3a8629ad441ccc88aaeb18290d488426c5d1
Red Hat Security Advisory 2017-1255-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
908877da3f1cfc9dfca69965316818a94445a7d83eafed2908514e284a7b6ae4
Red Hat Security Advisory 2017-1260-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.15. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
f8dede59460b3e91131da210ce201d95cfb51359708c5aedfa61beace085aa8c
Red Hat Security Advisory 2017-1254-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
4a6d3b6826b17d73c6e89756d374ffc7b8d743c626ed1841cace3e0cb5b75665